
💼 [RDS.23] RDS instances should not use a database engine default port

  • Contextual name: 💼 [RDS.23] RDS instances should not use a database engine default port
  • ID: /frameworks/aws-fsbp-v1.0.0/rds/23
  • Located in: 💼 Relational Database Service (RDS)

Description

Every RDS engine listens on a well-known default port (for example 3306 for MySQL and MariaDB, 5432 for PostgreSQL, 1433 for SQL Server, 1521 for Oracle). An RDS cluster or instance deployed on that port reveals which engine it runs to anyone who can reach or scan the endpoint, before a single connection attempt is made. An attacker can combine that knowledge with other information (an over-permissive security group, leaked credentials, an engine-specific weakness) to connect to the cluster or instance or to learn more about your application. Moving to a non-default port is a defense-in-depth measure and does not replace restricting security-group ingress to the clients that need access.

Changing the port is a disruptive change. You must update every existing connection string that referenced the old port, and you should check the security group of the DB instance to confirm that it includes an ingress rule allowing TCP connectivity on the new port (and remove the rule for the old port once nothing uses it); otherwise clients lose connectivity after the change.
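The following is an added example, not AWS Security Hub's own rule logic and not code from the framework. It evaluates the control offline over records constructed to resemble the output of boto3 `describe_db_instances()` and `describe_security_groups()`, flags instances that listen on their engine's default port, and also performs the follow-up check the description asks for: whether any attached security group actually opens the custom port. The instance identifiers, security-group IDs and ports in the sample data are assumptions for illustration.

```python
"""Offline check for AWS FSBP RDS.23 plus the security-group follow-up check.

Added example: not the Security Hub rule's implementation and not AWS code.
SAMPLE_INSTANCES / SAMPLE_SECURITY_GROUPS below are constructed to mimic
boto3 describe_db_instances() / describe_security_groups() output so the
check runs without credentials; feed it real API output in practice.
"""

# Default listener port per RDS engine string (from the RDS documentation).
# Engines not listed are reported as NOT_EVALUATED rather than guessed.
DEFAULT_PORTS = {
    "mysql": 3306, "mariadb": 3306, "aurora-mysql": 3306,
    "postgres": 5432, "aurora-postgresql": 5432,
    "oracle-ee": 1521, "oracle-se2": 1521,
    "sqlserver-ee": 1433, "sqlserver-se": 1433,
    "sqlserver-ex": 1433, "sqlserver-web": 1433,
}


def uses_default_port(engine: str, port: int) -> bool:
    """True when the instance listens on its engine's well-known port."""
    return DEFAULT_PORTS.get(engine) == port


def sg_allows_tcp_port(sg: dict, port: int) -> bool:
    """True if any ingress rule of the security group admits TCP to `port`."""
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":          # "all traffic" rule
            return True
        if proto != "tcp":
            continue
        lo, hi = perm.get("FromPort", -1), perm.get("ToPort", -1)
        if (lo == -1 and hi == -1) or lo <= port <= hi:   # -1/-1 = all ports
            return True
    return False


def evaluate(instances: list, security_groups: list) -> list:
    """One finding per instance: FAILED on a default port, PASSED otherwise.

    PASSED findings carry sg_ingress_ok, which is False when no attached
    security group opens the custom port (the migration pitfall described
    above: the control passes but clients cannot connect).
    """
    sg_by_id = {sg["GroupId"]: sg for sg in security_groups}
    findings = []
    for inst in instances:
        ident, engine = inst["DBInstanceIdentifier"], inst["Engine"]
        port = inst["Endpoint"]["Port"]
        if engine not in DEFAULT_PORTS:
            findings.append({"instance": ident, "status": "NOT_EVALUATED",
                             "note": f"no default port known for engine {engine!r}"})
            continue
        if uses_default_port(engine, port):
            findings.append({"instance": ident, "status": "FAILED",
                             "note": f"{engine} listens on default port {port}"})
            continue
        attached = [m["VpcSecurityGroupId"] for m in inst.get("VpcSecurityGroups", [])]
        ok = any(sg_allows_tcp_port(sg_by_id.get(g, {}), port) for g in attached)
        note = (f"custom port {port} is opened by an attached security group" if ok
                else f"custom port {port} is not opened by any of {attached}; "
                     "clients will fail to connect")
        findings.append({"instance": ident, "status": "PASSED",
                         "sg_ingress_ok": ok, "note": note})
    return findings


# Constructed sample data (identifiers and ports are assumptions).
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "orders-db", "Engine": "mysql",
     "Endpoint": {"Port": 3306},                       # default port -> FAILED
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0a1"}]},
    {"DBInstanceIdentifier": "reports-db", "Engine": "postgres",
     "Endpoint": {"Port": 5433},                       # custom port, SG updated
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0b2"}]},
    {"DBInstanceIdentifier": "analytics-db", "Engine": "aurora-postgresql",
     "Endpoint": {"Port": 15432},                      # custom port, SG still opens 5432
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0c3"}]},
]
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0a1", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306}]},
    {"GroupId": "sg-0b2", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5433, "ToPort": 5433}]},
    {"GroupId": "sg-0c3", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432}]},
]

if __name__ == "__main__":
    for f in evaluate(SAMPLE_INSTANCES, SAMPLE_SECURITY_GROUPS):
        print(f"{f['instance']:14} {f['status']:14} {f['note']}")
```

On real data, paginate `describe_db_instances` and pass the `DBInstances` list in unchanged; the security-group lookup only needs the groups referenced by `VpcSecurityGroups`. Note that the ingress check tells you whether a rule exists for the port, not who can use it: an `0.0.0.0/0` rule on the custom port satisfies this check and is still a finding under other controls.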

Similar

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST SP 800-53 Revision 5 → 💼 AC-4 Information Flow Enforcement326889
💼 NIST SP 800-53 Revision 5 → 💼 AC-4(21) Information Flow Enforcement _ Physical or Logical Separation of Information Flows3746
💼 NIST SP 800-53 Revision 5 → 💼 SC-7 Boundary Protection29450
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(4) Boundary Protection _ External Telecommunications Services28
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(5) Boundary Protection _ Deny by Default — Allow by Exception418
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(11) Boundary Protection _ Restrict Incoming Communications Traffic22
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(16) Boundary Protection _ Prevent Discovery of System Components23
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(21) Boundary Protection _ Isolation of System Components22

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags

Policies (1)

Policy | Logic Count | Flags
📝 AWS RDS Instance uses default endpoint port | 🟢 1 | 🟢 x6

Internal Rules

Rule | Policies | Flags
✉️ dec-x-fd0bfd1b1